Microsoft has acknowledged an issue across all Windows client versions, including Windows 11 (22H2, 21H2) and Windows 10 (22H2, 21H2, and Enterprise LTSC 2019), that affects encryption reporting by the BitLocker Configuration Service Provider (CSP), a crucial tool enterprises use to manage PC and device encryption. The issue shows up as “error code 65000” on the “Require Device Encryption” setting in Intune, which is primarily used for Mobile Device Management (MDM).
Third-party Apps Potentially Impacted
Microsoft reports that the issue may also affect similar third-party apps beyond Intune. It occurs when the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings are used. Affected environments are those where the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies are enabled, which causes the unexpected error to be displayed. The issue is limited to reporting: it does not prevent drive encryption or the reporting of other issues on the device, including other BitLocker issues.
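Because the error is limited to reporting, the encryption state can be confirmed on the device itself. The following PowerShell check is an added example, not part of Microsoft's guidance; it uses the built-in Get-BitLockerVolume and Get-Volume cmdlets, and the function name and the definition of "Protected" are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: read BitLocker state locally, independent of the MDM/CSP report.

function Get-LocalEncryptionState {
    # Map drive letters to drive type so fixed data drives can be told apart
    # from removable ones (Get-BitLockerVolume reports both as 'Data').
    $driveTypes = @{}
    Get-Volume | Where-Object DriveLetter | ForEach-Object {
        $driveTypes["$($_.DriveLetter):"] = $_.DriveType
    }

    Get-BitLockerVolume | ForEach-Object {
        $driveType = $driveTypes[$_.MountPoint]
        # Only OS and fixed drives are in scope for the two affected policies.
        if ($_.VolumeType -ne 'OperatingSystem' -and $driveType -ne 'Fixed') { return }

        [pscustomobject]@{
            MountPoint   = $_.MountPoint
            VolumeType   = $_.VolumeType
            VolumeStatus = $_.VolumeStatus
            Percentage   = $_.EncryptionPercentage
            Method       = $_.EncryptionMethod
            Protection   = $_.ProtectionStatus
            Protectors   = ($_.KeyProtector.KeyProtectorType -join ',')
            # Assumption of this example: "Protected" means protection is on
            # and the volume conversion has reached 100 percent.
            Protected    = ($_.ProtectionStatus -eq 'On' -and $_.EncryptionPercentage -eq 100)
        }
    }
}

$state = Get-LocalEncryptionState
$state | Format-Table -AutoSize

# Fail loudly if any in-scope volume is not actually protected.
$unprotected = @($state | Where-Object { -not $_.Protected })
if ($unprotected.Count -gt 0) {
    Write-Warning "Volumes not fully protected: $($unprotected.MountPoint -join ', ')"
    exit 1
}
Write-Output 'All OS and fixed volumes report BitLocker protection on; the local state does not depend on the MDM report.'
```

A non-zero exit code means a volume is genuinely unprotected and should be investigated as a real BitLocker problem rather than attributed to the reporting issue.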
Microsoft Provides Short-term Solution
Microsoft does not yet have a permanent fix for the issue. As a preliminary workaround, it suggests changing the affected policy settings to “not configured”. Specifically, Microsoft Intune users can set the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies to “not configured” as a temporary measure to mitigate the issue. Microsoft says it is working on a comprehensive resolution and will provide an update in a forthcoming release. More details on the issue can be found on Microsoft's health dashboard website.